Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp6094054ybl; Tue, 27 Aug 2019 14:22:11 -0700 (PDT) X-Google-Smtp-Source: APXvYqzMuTphNPVOLjxPiBCtfkSRufL7WPf9Aml0TjWfwDCix9Zm/uHcViEDv7Ui2aqoe9t8xqMi X-Received: by 2002:a17:90a:cc0c:: with SMTP id b12mr790027pju.138.1566940931191; Tue, 27 Aug 2019 14:22:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1566940931; cv=none; d=google.com; s=arc-20160816; b=f0WNMJ2qHUf8H+okC5YrVd07QXXHaL2NFijfK3t8hPxfDpr3YTZYcYKGvUome2NbOm 39QKYLVZnPJb3aXzWbzEH/JrWjQ++FEfOCJ2cBjBW9o1wdSxlKz5Y+MoEWmnaS2aVbVO njrtMWfeMYJ6aeg3E/FswpcLPoINTXBw4YG380yLWnFkYZGAsfmuanan5hPy4ee1Nc8D AaMMIZdk9cakO3Gx+OXnsTCNVb4YlpvO3MwLUwcQxZkINvPJySPB3bagvy5GvsYUlA6C 1YLkLYfHaz2k9QzQ/rMN0AjZXMuib+s3Vr31yKbfzEDZb6IjARmGH7aJzQUpouqjlqgX F7qQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version; bh=0Op/XSMrIysJpULC04xpUaPRhtlanxqg7GPxE15ATqo=; b=iIB4OO6McNCwW1Aa2bdmyv0KqsfxY3VS3Dqz1U9j/4OmfIwP2V54BwmUHYeeipf8OY 4hD2HmXywBDwWU5/27pNQ8mkbeFUmJSMNMgX6s6by34qJby+hoJ5pkB+j1NWotZJW1wU iisXpRfFGuznhgkCP4KIJPN2Y9ucFJ08hHj+4qw83gnaiymuaKnTM488v/Lnsnpb3AWF mpIw7mzk3SOlYQBKPenHiDqqkVDnGEKUehQsV4fk1G2HQ6YRREyLEJ7AMyycPnhQ6ITu vWV3NNYnvhLWMGQqi92ennqBkXwJ7yUcPxcI0D4q4w2V/+FVDeu3oB3YEWnbRNwkYfcy NZjg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of selinux-refpolicy-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 132si446466pgc.134.2019.08.27.14.21.59; Tue, 27 Aug 2019 14:22:11 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of selinux-refpolicy-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of selinux-refpolicy-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730473AbfH0VUU (ORCPT + 11 others); Tue, 27 Aug 2019 17:20:20 -0400 Received: from mx1.polytechnique.org ([129.104.30.34]:50545 "EHLO mx1.polytechnique.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726871AbfH0VUU (ORCPT ); Tue, 27 Aug 2019 17:20:20 -0400 Received: from mail-oi1-f177.google.com (mail-oi1-f177.google.com [209.85.167.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ssl.polytechnique.org (Postfix) with ESMTPSA id F279A5606B5 for ; Tue, 27 Aug 2019 23:20:15 +0200 (CEST) Received: by mail-oi1-f177.google.com with SMTP id v12so386358oic.12 for ; Tue, 27 Aug 2019 14:20:15 -0700 (PDT) X-Gm-Message-State: APjAAAXE4B7+JApp+dkask/hC+lzBmPckIEMToqVHyJyPpC1tkvUXTqk OEXmxzBgHRDZUsRjKMmYsajuElCWFYuFAwqb5Ng= X-Received: by 2002:a05:6808:30d:: with SMTP id i13mr566435oie.39.1566940814959; Tue, 27 Aug 2019 14:20:14 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Nicolas Iooss Date: Tue, 27 Aug 2019 23:20:03 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: Adding a typo-checker for the .fc files of refpolicy To: Chris PeBenito Cc: selinux-refpolicy@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-AV-Checked: ClamAV using ClamSMTP at svoboda.polytechnique.org (Tue Aug 27 23:20:16 2019 +0200 (CEST)) X-Spam-Flag: No, tests=bogofilter, spamicity=0.000000, queueID=60D6B5646C9 X-Org-Mail: nicolas.iooss.2010@polytechnique.org Sender: selinux-refpolicy-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux-refpolicy@vger.kernel.org On Tue, Aug 27, 2019 at 6:05 AM Chris PeBenito wrote: > > On 8/18/19 4:38 PM, Nicolas Iooss wrote: > > Hello, > > > > After introducing a buggy file context in the policy (which will be > > fixed with https://github.com/SELinuxProject/refpolicy/pull/66), I > > decided to write a typo-checker for the .fc files. I am re-using some > > code I have already written in order to label files in /usr/bin > > correctly on Arch Linux (I wrote this for > > https://github.com/SELinuxProject/refpolicy/pull/19). It seems it > > already caught another issue in policy/modules/services/monit.fc. The > > "s9" seems to be a misspelling for "s0" in: > > > > /etc/rc\.d/init\.d/monit -- > > gen_context(system_u:object_r:monit_initrc_exec_t,s9) > > > > Is there an interest in having such a script in the repository? If > > What are the checks? > > > > yes, in which directory? > > > > In my humble opinion, it would be nice to have such a script and to > > make Travis-CI run it. I nevertheless feels uncomfortable with putting > > it in the "support" directory, because it is not involved in building > > or installing the reference policy. I am therefore suggesting creating > > a new directory, named "bin" or "scripts". Such a directory would > > contain scripts such as this typo-checker and some other scripts that > > could be useful when working on refpolicy. What do you think about > > this? > > "testing" might work too. Let's got for "testing" then. I began with tests about the endings of patterns, then added checks on patterns such as "(.*)?", etc. As the first version of my checker is ready for comments/review, I opened a Pull Request: https://github.com/SELinuxProject/refpolicy/pull/74. I tried to write understandable comments in order to make it easier to know what is checked. Thanks, Nicolas